Search by Field | String matching | Full Text Search | Boolean Operators | Multiple values (In, Not In) | Is Null Queries | Range searches | Date searches | Nested Queries
Enter the field name, then a colon, then your query. Nested fields are dot separated.
Examples:
provider:aws
tag.key:department
subnet.availabilityZone:ap-southeast-2c
instance.state:terminated
There are many fields you can search within each resource type. Start by clicking on the resource type in List View. Then enter "and" followed by the field name and value.
Examples:
resource.type:"Instance" and instance.type:t2.micro
resource.type:"Subnet" and subnet.availabilityZone:ap-southeast-2c
resource.type:"VPC" and vpc.instanceTenancy:default
Use single quotes or double quotes around your query to match a string. Your results will include any match that contains the string.
Examples:
iamuser.arn:"arn:aws:iam::383031258652:user"
resource.id:"subnet"
Some fields containing strings of text (like names, descriptions) allow you to use full text search and advanced search capabilities. Full text search fields do not support exact matching.
Examples:
Show controls with s3 in the name (case insensitive)
control.name:s3
Show policies with "amazon" and "benchmark" in the name (in any order, case insensitive)
policy.name:"amazon benchmark"
Use keywords AND, OR, NOT to narrow or broaden your search.
Examples:
region:Mumbai or region:Sydney
NOT account.id:383031258652
control.criticality:HIGH and service.type:IAM
To match a field against a list of values, use "in" or "not in". Remove the colon, then write "in" or "not in", followed by a comma-separated list of values within square brackets. Do not use quotes around your values. Available for all fields except analyzed fields (i.e. full text search fields).
Show all resources in one of the regions listed
region in [Sydney, Mumbai]
Show subnets NOT in any of the availability zones listed
resource.type:Subnet and subnet.availabilityZone not in [eu-west-2c, eu-west-1a, eu-west-3c]
Want to match an empty/null value for a field? You'll need to remove the colon and then write "is null". For example, find resources where the name is null.
Examples:
name is null
tag.value is null
Ranges can be specified with the [lower .. upper] syntax using () and/or [] as follows. This is supported for numeric and date fields.
Examples:
Greater than or equal to 123 and less than or equal to 1234 - uses square brackets
elb.listener.loadBalancerPort:[123 .. 1234]
Greater than but not equal to 123 and less than but not equal to 1234 - uses parentheses
elb.listener.loadBalancerPort:(123 .. 1234)
Greater than or equal to 123 and less than but not equal to 1234
elb.listener.loadBalancerPort:[123 .. 1234)
Greater than but not equal to 123 and less than or equal to 1234
elb.listener.loadBalancerPort:(123 .. 1234]
Greater than 123
elb.listener.loadBalancerPort > 123
Greater than or equal to 123
elb.listener.loadBalancerPort >= 123
Less than 1234
elb.listener.loadBalancerPort < 1234
Less than or equal to 1234
elb.listener.loadBalancerPort <= 1234
Between January 1st and April 1st 2018
updated: [2018-01-01 .. 2018-04-01]
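The inclusive and exclusive bound rules above, modelled for numeric values only as an added example; this is not the product's own parser, and the names parse_range, in_range and boundary_table are hypothetical. It is useful for checking which boundary ports a range expression will include before relying on it in a query.

```python
import re

# Matches the bracketed form described above, e.g. "[123 .. 1234)".
_RANGE = re.compile(r"^([\[(])\s*(-?\d+)\s*\.\.\s*(-?\d+)\s*([\])])$")
# Matches the comparison form, e.g. ">= 123".
_CMP = re.compile(r"^(>=|<=|>|<)\s*(-?\d+)$")


def parse_range(expr):
    """Return (lower, lower_inclusive, upper, upper_inclusive); None means unbounded."""
    expr = expr.strip()
    m = _RANGE.match(expr)
    if m:
        lo, hi = int(m.group(2)), int(m.group(3))
        if lo > hi:
            raise ValueError(f"lower bound exceeds upper bound: {expr!r}")
        return lo, m.group(1) == "[", hi, m.group(4) == "]"
    m = _CMP.match(expr)
    if m:
        op, n = m.group(1), int(m.group(2))
        if op.startswith(">"):
            return n, op == ">=", None, False
        return None, False, n, op == "<="
    raise ValueError(f"not a range expression: {expr!r}")


def in_range(value, expr):
    """True if value satisfies the range expression."""
    lo, lo_inc, hi, hi_inc = parse_range(expr)
    if lo is not None and (value < lo or (value == lo and not lo_inc)):
        return False
    if hi is not None and (value > hi or (value == hi and not hi_inc)):
        return False
    return True


def boundary_table(exprs, values):
    """Map each expression to the subset of values it matches."""
    return {e: [v for v in values if in_range(v, e)] for e in exprs}


if __name__ == "__main__":
    # Constructed sample: the page's bounds plus their immediate neighbours.
    exprs = ["[123 .. 1234]", "(123 .. 1234)", "[123 .. 1234)", "(123 .. 1234]", "> 123", "<= 1234"]
    for e, hits in boundary_table(exprs, [122, 123, 124, 1233, 1234, 1235]).items():
        print(f"{e:16} matches {hits}")
```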
Use a date range [start date .. end date] or a specific date. Several date variables are also available.
Examples:
updated:2018-03-27
updated < 2018-03-27
updated:[2018-01-27 .. 2018-03-27]
updated:[now-3d .. now-1s]
Nested Queries
Use a single nested query, using parentheses, to include multiple fields in your query, as in the examples below.
Examples:
Find instances that are type t2.micro and stopped.
resource.type:Instance and instance: (type:t2.micro and state:stopped)
Find controls that have High criticality and the control result is Fail.
control: (criticality:HIGH and result:FAIL)